mechanisms software vulnerabilities
vulnerabilities.aspcode.net
Searching mechanisms software vulnerabilities
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."
scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application.
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.
Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before Monday, September 18, 2006 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.
Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to log in to an account by sniffing the network and then sending this hash to a Second Life authentication server.
Software vulnerabilities results 1 to 20 of 26